exiftool: fix sandboxing

and with that, also fixes Megapixels open-image button :)
2024-12-03 03:52:29 +00:00
parent 6340a35fb9
commit cb9aba095d
2 changed files with 5 additions and 2 deletions
--- a/hosts/common/programs/exiftool.nix
+++ b/hosts/common/programs/exiftool.nix
@@ -1,6 +1,9 @@
 { ... }:
 {
  sane.programs.exiftool = {
-    sandbox.autodetectCliPaths = "existingFile";
+    # exiftool modifies files by writing out a new file adjacent to it and then `mv`ing it over the original file.
+    # this requires it to have write access to the *parent* of whatever file it's operating on.
+    sandbox.autodetectCliPaths = "parent";
+    # sandbox.autodetectCliPaths = "existingFile";
  };
 }
--- a/hosts/common/programs/megapixels-next.nix
+++ b/hosts/common/programs/megapixels-next.nix
@@ -43,7 +43,7 @@ in
    sandbox.wrapperType = "inplace";  #< for share/megapixels/movie.sh
    sandbox.whitelistDri = true;
    sandbox.whitelistWayland = true;
-    sandbox.whitelistDbus = [ "user" ];  #< so that it can in theory open the image viewer using fdo portal... but it doesn't :|
+    sandbox.whitelistDbus = [ "user" ];  #< so that it can open the image viewer using fdo portal...
    sandbox.extraHomePaths = [
      # ".config/megapixels"
      ".cache/mesa_shader_cache"  # loads way faster